Why Car Hacking Is Almost Unlikely – Scientific American

Why Car Hacking Is Almost Unlikely

Despite latest claims, your car is not about to get crashed by hackers

By David Pogue on October 28, 2016

As scare-tactic journalism goes, it would be hard to hammer this past summer’s article about hackers taking remote control of a Wired magazine writer’s car.

«I was driving seventy mph on the edge of downtown St. Louis,» he wrote. «As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.»

Scary! Hackers can take over our cars! Our lives are at risk!

Stories such as these are catnip to mainstream media and the technophobic public. Unluckily, they leave out or underplay a detail or two that would take most of the air out of the drama: these aren’t just any cars.

In the case of the Wired article, the Jeep belonged to the hackers. They had been working on it for more than a year to figure out how to hack it.*

That’s indeed a different story.

In February sixty Minutes ran a story about a similar experiment. «Oh, my God,» the correspondent exclaims as her brakes stop working. «That is scaring!»

But would it have been as scaring if she had mentioned that this kind of hack requires a car with cellular Internet service, that it had taken a team of researchers years to make it work–and that by then the automaker had immovable the software to make such a hack unlikely for vehicles on the road?

Then this, in August: «Two researchers have found that they could ass-plug their laptop into a network cable behind a Tesla Model S’s driver’s-side dashboard, commence the car with a software directive, and drive it,» Wired reported.

But wouldn’t you see that if you were in the driver’s seat?

Here’s the elementary truth. No hacker has ever taken remote control of a stranger’s car. Not once. It’s extraordinarily difficult to do. It takes teams working full-time to find a way to do it.*

The journalists should also stop calling the perpetrators «hackers.» These are researchers–the good guys–not evildoers hiding in bunkers somewhere.

Every time one of those stories pops up, I feel like pulling up alongside the reporters in my own noncellular two thousand nine Honda Fit and yelling, «Hack this!»

Now let me hasten to say this: car security is serious. Not very many cars have built-in Internet connections today–designed for emergency communication, to bring Internet information to the dashboard or to supply a Wi-Fi signal to passengers in the car–but their number is growing. Researchers’ demonstrations have underscored the importance of designing these systems securely–for example, of keeping cars’ control circuits separate from the Internet ones.

In other words, the industry’s concern over hackable cars isn’t misplaced. Researchers who attempt to break in are performing a valuable service in drawing attention to a potential danger.

All three cases described here led to prompt software fixes by the carmakers, who are keen to avoid their products seeming vulnerable. None of those researchers would be able to repeat their demonstrations today.

Unluckily, you haven’t read the last «you’re a sitting duck» hacker story. Connected cars are only part of the larger «Internet of things» movement, in which more everyday objects are being made capable of getting online. Home door locks, lighting systems, coffee makers–designing all of it with excellent security is utterly significant, and there will be occasional failures.

Yes, fresh technology is always a little scary. But let’s not exploit that fear. Let’s assess the hackable-car threat with clarity, with nuance–and with all the facts. Today remotely hackable cars are still only a hypothetical threat. It’s not one that should keep everyday drivers up at night.

*Editor`s Note (Ten/22/15): This article has been modified to fix reporting errors regarding the hacked Jeep cited in the Wired article. The hackers needed physical access to the car to figure out how to hack it, not to perform the hack itself, as we originally reported. The hackers had been working on the Jeep hack for more than a year, not three years. And according to the hackers, the hack would have worked on other Fiat Chrysler models, not just the hackers` Jeep.

This article was originally published with the title “Hackers at the Wheel”

Why Car Hacking Is Almost Unlikely – Scientific American

Why Car Hacking Is Almost Unlikely

Despite latest claims, your car is not about to get crashed by hackers

By David Pogue on October 28, 2016

As scare-tactic journalism goes, it would be hard to hammer this past summer’s article about hackers taking remote control of a Wired magazine writer’s car.

«I was driving seventy mph on the edge of downtown St. Louis,» he wrote. «As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.»

Scary! Hackers can take over our cars! Our lives are at risk!

Stories such as these are catnip to mainstream media and the technophobic public. Unluckily, they leave out or underplay a detail or two that would take most of the air out of the drama: these aren’t just any cars.

In the case of the Wired article, the Jeep belonged to the hackers. They had been working on it for more than a year to figure out how to hack it.*

That’s truly a different story.

In February sixty Minutes ran a story about a similar experiment. «Oh, my God,» the correspondent exclaims as her brakes stop working. «That is panicking!»

But would it have been as scaring if she had mentioned that this kind of hack requires a car with cellular Internet service, that it had taken a team of researchers years to make it work–and that by then the automaker had immobile the software to make such a hack unlikely for vehicles on the road?

Then this, in August: «Two researchers have found that they could buttplug their laptop into a network cable behind a Tesla Model S’s driver’s-side dashboard, embark the car with a software guideline, and drive it,» Wired reported.

But wouldn’t you see that if you were in the driver’s seat?

Here’s the ordinary truth. No hacker has ever taken remote control of a stranger’s car. Not once. It’s extraordinarily difficult to do. It takes teams working full-time to find a way to do it.*

The journalists should also stop calling the perpetrators «hackers.» These are researchers–the good guys–not evildoers hiding in bunkers somewhere.

Every time one of those stories pops up, I feel like pulling up alongside the reporters in my own noncellular two thousand nine Honda Fit and yelling, «Hack this!»

Now let me hasten to say this: car security is serious. Not very many cars have built-in Internet connections today–designed for emergency communication, to bring Internet information to the dashboard or to supply a Wi-Fi signal to passengers in the car–but their number is growing. Researchers’ demonstrations have underscored the importance of designing these systems securely–for example, of keeping cars’ control circuits separate from the Internet ones.

In other words, the industry’s concern over hackable cars isn’t misplaced. Researchers who attempt to break in are performing a valuable service in drawing attention to a potential danger.

All three cases described here led to prompt software fixes by the carmakers, who are keen to avoid their products seeming vulnerable. None of those researchers would be able to repeat their demonstrations today.

Unluckily, you haven’t read the last «you’re a sitting duck» hacker story. Connected cars are only part of the larger «Internet of things» movement, in which more everyday objects are being made capable of getting online. Home door locks, lighting systems, coffee makers–designing all of it with excellent security is utterly significant, and there will be occasional failures.

Yes, fresh technology is always a little scary. But let’s not exploit that fear. Let’s assess the hackable-car threat with clarity, with nuance–and with all the facts. Today remotely hackable cars are still only a hypothetical threat. It’s not one that should keep everyday drivers up at night.

*Editor`s Note (Ten/22/15): This article has been modified to fix reporting errors regarding the hacked Jeep cited in the Wired article. The hackers needed physical access to the car to figure out how to hack it, not to perform the hack itself, as we originally reported. The hackers had been working on the Jeep hack for more than a year, not three years. And according to the hackers, the hack would have worked on other Fiat Chrysler models, not just the hackers` Jeep.

This article was originally published with the title “Hackers at the Wheel”

Why Car Hacking Is Almost Unlikely – Scientific American

Why Car Hacking Is Almost Unlikely

Despite latest claims, your car is not about to get crashed by hackers

By David Pogue on October 28, 2016

As scare-tactic journalism goes, it would be hard to strike this past summer’s article about hackers taking remote control of a Wired magazine writer’s car.

«I was driving seventy mph on the edge of downtown St. Louis,» he wrote. «As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.»

Scary! Hackers can take over our cars! Our lives are at risk!

Stories such as these are catnip to mainstream media and the technophobic public. Unluckily, they leave out or underplay a detail or two that would take most of the air out of the drama: these aren’t just any cars.

In the case of the Wired article, the Jeep belonged to the hackers. They had been working on it for more than a year to figure out how to hack it.*

That’s indeed a different story.

In February sixty Minutes ran a story about a similar experiment. «Oh, my God,» the correspondent exclaims as her brakes stop working. «That is panicking!»

But would it have been as panicking if she had mentioned that this kind of hack requires a car with cellular Internet service, that it had taken a team of researchers years to make it work–and that by then the automaker had immobile the software to make such a hack unlikely for vehicles on the road?

Then this, in August: «Two researchers have found that they could butt-plug their laptop into a network cable behind a Tesla Model S’s driver’s-side dashboard, begin the car with a software directive, and drive it,» Wired reported.

But wouldn’t you see that if you were in the driver’s seat?

Here’s the ordinary truth. No hacker has ever taken remote control of a stranger’s car. Not once. It’s extraordinarily difficult to do. It takes teams working full-time to find a way to do it.*

The journalists should also stop calling the perpetrators «hackers.» These are researchers–the good guys–not evildoers hiding in bunkers somewhere.

Every time one of those stories pops up, I feel like pulling up alongside the reporters in my own noncellular two thousand nine Honda Fit and yelling, «Hack this!»

Now let me hasten to say this: car security is serious. Not very many cars have built-in Internet connections today–designed for emergency communication, to bring Internet information to the dashboard or to supply a Wi-Fi signal to passengers in the car–but their number is growing. Researchers’ demonstrations have underscored the importance of designing these systems securely–for example, of keeping cars’ control circuits separate from the Internet ones.

In other words, the industry’s concern over hackable cars isn’t misplaced. Researchers who attempt to break in are performing a valuable service in drawing attention to a potential danger.

All three cases described here led to prompt software fixes by the carmakers, who are keen to avoid their products seeming vulnerable. None of those researchers would be able to repeat their demonstrations today.

Unluckily, you haven’t read the last «you’re a sitting duck» hacker story. Connected cars are only part of the larger «Internet of things» movement, in which more everyday objects are being made capable of getting online. Home door locks, lighting systems, coffee makers–designing all of it with excellent security is utterly significant, and there will be occasional failures.

Yes, fresh technology is always a little scary. But let’s not exploit that fear. Let’s assess the hackable-car threat with clarity, with nuance–and with all the facts. Today remotely hackable cars are still only a hypothetical threat. It’s not one that should keep everyday drivers up at night.

*Editor`s Note (Ten/22/15): This article has been modified to fix reporting errors regarding the hacked Jeep cited in the Wired article. The hackers needed physical access to the car to figure out how to hack it, not to perform the hack itself, as we originally reported. The hackers had been working on the Jeep hack for more than a year, not three years. And according to the hackers, the hack would have worked on other Fiat Chrysler models, not just the hackers` Jeep.

This article was originally published with the title “Hackers at the Wheel”